A free, reader-friendly and open-source book on ZF3

16. User Management, Authentication and Access Filtering

Most websites on the Internet allow their visitors to register on the site and create a profile. After that, the visitor can log in and have a personalized experience. For example, on an e-commerce website, a registered user can buy goods, manage their shopping cart and make a payment with a credit card.

In this chapter, you will learn how to implement user authentication with login and password in a ZF3 website. We will show how to manage users (add, edit, view and change/reset password) in your web application and store users' passwords in the database securely. You will also learn how to implement an access filter and allow certain pages to be accessed by authenticated users only.

Since you already know a lot about ZF3 from reading previous chapters, in this chapter we will omit discussing some obvious things and concentrate on the key concepts only. It is recommended that you refer to the User Demo sample bundled with this book, which is a complete website that you can run to see everything in action. All code discussed in this chapter is part of this sample application.

ZF3 components covered in this chapter:

| Component | Description |
|-----------|-------------|
| Zend\Authentication | Provides user authentication feature. |
| Zend\Crypt | Provides functionality for password encryption. |
| Zend\Math | Provides functionality for generating secure random tokens. |